CISCO-3294 

AMENDMENTS TO THE CLAIMS: 
The following listing of claims will replace all prior versions of claims in the application: 

1. (Canceled) 

2. (Currently Amended) A method for preventing denial of service attacks against 
Hypertext Transfer Protocol (HTTP) servers, the method comprising: 

receiving a HTTP request from a subscriber having an established connection over using 
a first communication network coupled to at least one other communication network, said 
request including a Universal Resource Locator (URL); 

receiving a profile for said subscriber; 

filtering said request to determine whether said subscriber is authorized to make said 
request based upon said profile, said filtering including: 

updating a client HTTP request count when said request for said URL is a HTTP 
GET request or a HTTP POST request; and 

applying HTTP server denial of service attack preventative measures when a 
client HTTP request frequency based on said client HTTP request count exceeds a 
maximum HTTP request frequency; 
and 

forwarding said request to said at least one other communication network when said 
subscriber is authorized to make said request. 

3. (Previously Presented) The method of claim 2, wherein said applying further 
comprises setting an alarm when said client HTTP request frequency exceeds said maximum 
HTTP request frequency. 

4. (Original) The method of claim 3, further comprising sending said alarm to an 
Internet Service Provider (ISP) associated with said subscriber. 

5. (Previously Presented) The method of claim 2, wherein said applying further 
comprises dropping the data packet containing said request when said client HTTP request 
frequency exceeds said maximum HTTP request frequency. 

6. (Previously Presented) The method of claim 2, wherein said applying further 
comprises shutting down the account used to access said first communication network when said 
client HTTP request frequency exceeds said maximum HTTP request frequency. 

7. (Previously Presented) The method of claim 6, wherein said applying further 
comprises disabling HTTP requests for a hold-down period when said client HTTP request 
frequency exceeds said maximum HTTP request frequency. 

8. (Previously Presented) The method of claim 7, further comprising increasing said 
hold-down period each time said client HTTP request frequency exceeds said maximum HTTP 
request frequency. 

9. (Previously Presented) The method of claim 8, wherein said hold-down period 
increases exponentially each time said client HTTP request frequency exceeds said maximum 
HTTP request frequency. 
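
The rate check and escalating hold-down recited in claims 2 through 9, sketched as an added example; it is not part of the application or of any implementation by the applicant. The `max_rps` profile field, the fixed counting window, the base hold-down value and the doubling rule are assumptions: the claims say only that the hold-down period increases exponentially.

```python
from dataclasses import dataclass, field

@dataclass
class ClientState:
    window_start: float
    count: int = 0           # client HTTP request count in the current window
    violations: int = 0      # times the maximum frequency was exceeded
    held_until: float = 0.0  # HTTP disabled until this time
    alarms: list = field(default_factory=list)

class HttpRateFilter:
    """Per-subscriber GET/POST rate check with a doubling hold-down."""

    def __init__(self, profiles, window=1.0, base_hold=2.0):
        self.profiles = profiles    # subscriber -> {"max_rps": ...} (hypothetical field)
        self.window = window        # counting window in seconds (assumption)
        self.base_hold = base_hold  # first hold-down period in seconds (assumption)
        self.clients = {}

    def check(self, subscriber, method, now):
        """Return "forward" or "drop" for one request seen at time `now`."""
        profile = self.profiles.get(subscriber)
        if profile is None:
            return "drop"                       # no profile: not authorized
        st = self.clients.setdefault(subscriber, ClientState(window_start=now))
        if now < st.held_until:
            return "drop"                       # all HTTP disabled during hold-down
        if method not in ("GET", "POST"):
            return "forward"                    # only GET and POST are counted
        if now - st.window_start >= self.window:
            st.window_start, st.count = now, 0  # start a new counting window
        st.count += 1
        if st.count / self.window > profile["max_rps"]:
            st.violations += 1
            hold = self.base_hold * 2 ** (st.violations - 1)  # 2s, 4s, 8s, ...
            st.held_until = now + hold
            st.alarms.append((now, hold))       # alarm record, e.g. for the ISP
            st.window_start, st.count = st.held_until, 0
            return "drop"                       # drop the offending request
        return "forward"
```
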

10-12. (Canceled) 

13. (Currently Amended) A program storage device readable by a machine, embodying 
a program of instructions executable by the machine to perform a method to prevent denial of 
service attacks against Hypertext Transfer Protocol (HTTP) servers, the method comprising: 

receiving a HTTP request from a subscriber having an established connection over using 
a first communication network coupled to at least one other communication network, said 
request including a Universal Resource Locator (URL); 

receiving a profile for said subscriber; 

filtering said request to determine whether said subscriber is authorized to make said 
request based upon said profile, said filtering including: 

updating a client HTTP request count when said request for said URL is a HTTP 
GET request or a HTTP POST request; and 

applying HTTP server denial of service attack preventative measures when a 
client HTTP request frequency based on said client HTTP request count exceeds a 
maximum HTTP request frequency; 
and 

forwarding said request to said at least one other communication network when said 
subscriber is authorized to make said request. 

14. (Previously Presented) The program storage device of claim 13, wherein said 
applying further comprises setting an alarm when said client HTTP request frequency exceeds 
said maximum HTTP request frequency. 

15. (Original) The program storage device of claim 14, further comprising sending said 
alarm to an Internet Service Provider (ISP) associated with said subscriber. 

16. (Previously Presented) The program storage device of claim 13, wherein said 
applying further comprises dropping the data packet containing said request when said client 
HTTP request frequency exceeds said maximum HTTP request frequency. 

17. (Previously Presented) The program storage device of claim 13, wherein said 
applying further comprises shutting down the account used to access said first communication 
network when said client HTTP request frequency exceeds said maximum HTTP request 
frequency. 

18. (Previously Presented) The program storage device of claim 17, wherein said 
applying further comprises disabling HTTP requests for a hold-down period when said client 
HTTP request frequency exceeds said maximum HTTP request frequency. 

19. (Previously Presented) The program storage device of claim 18, further comprising 
increasing said hold-down period each time said client HTTP request frequency exceeds said 
maximum HTTP request frequency. 

20. (Previously Presented) The program storage device of claim 19, wherein said 
hold-down period increases exponentially each time said client HTTP request frequency exceeds said 
maximum HTTP request frequency. 

21-23. (Canceled) 

24. (Currently Amended) An apparatus for preventing denial of service attacks against 
Hypertext Transfer Protocol (HTTP) servers, the apparatus comprising: 

means for receiving a HTTP request from a subscriber having an established connection 
over using a first communication network coupled to at least one other communication network, 
said request including a Universal Resource Locator (URL); 

means for receiving a profile for said subscriber; 

means for filtering to determine whether said subscriber is authorized to make said 
request based upon said profile, said means for filtering including: 

means for updating a client HTTP request count when said request for said URL 
is a HTTP GET request or a HTTP POST request; and 

means for applying HTTP server denial of service attack preventative measures 
when a client HTTP request frequency based on said client HTTP request count exceeds 
a maximum HTTP request frequency; 
and 

means for forwarding said request to said at least one other communication network 
when said subscriber is authorized to make said request. 

25. (Previously Presented) The apparatus of claim 24, wherein said means for applying 
further comprises means for setting an alarm when said client HTTP request frequency exceeds 
said maximum HTTP request frequency. 

26. (Original) The apparatus of claim 25, further comprising means for sending said 
alarm to an Internet Service Provider (ISP) associated with said subscriber. 

27. (Previously Presented) The apparatus of claim 24, wherein said means for applying 
further comprises means for dropping the data packet containing said request when said client 
HTTP request frequency exceeds said maximum HTTP request frequency. 

28. (Previously Presented) The apparatus of claim 24, wherein said means for applying 
further comprises means for shutting down the account used to access said first communication 
network when said client HTTP request frequency exceeds said maximum HTTP request 
frequency. 

29. (Previously Presented) The apparatus of claim 28, wherein said means for applying 
further comprises means for disabling HTTP requests for a hold-down period 
when said client HTTP request frequency exceeds said maximum HTTP request 
frequency. 

30. (Previously Presented) The apparatus of claim 29, further comprising means for 
increasing said hold-down period each time said client HTTP request frequency exceeds said 
maximum HTTP request frequency. 

31. (Previously Presented) The apparatus of claim 30, wherein said hold-down period 
increases exponentially each time said client HTTP request frequency exceeds said maximum 
HTTP request frequency. 

32-35. (Canceled) 

36. (Currently Amended) An apparatus capable of preventing denial of service attacks 
against Hypertext Transfer Protocol (HTTP) servers, said apparatus comprising: 

a first receiving interface capable of accepting a HTTP request received from a subscriber 
having an established connection originating from using a first communication network, said 
request including a Universal Resource Locator (URL); 

a profile request generator capable of generating a profile request based upon said HTTP 
request; 

a first forwarding interface capable of sending said profile request to an Authentication, 
Authorization, and Accounting (AAA) server; 

a second receiving interface capable of accepting a requested profile; 

a filter capable of determining whether said HTTP request is authorized based upon said 
requested profile, said filter including: 

an updater to update a client HTTP request count when said HTTP request for 
said URL is a HTTP GET request or a HTTP POST request; and 

a responder to apply HTTP server denial of service attack preventative measures 
when a client HTTP request frequency based on said client HTTP request count exceeds 
a maximum HTTP request frequency; 

an authorizer capable of allowing said HTTP request to be forwarded on at least one 
other communication network coupled to said first communication network; and 

a second forwarding interface capable of forwarding said HTTP request on said at least 
one other communication network. 

37. (Previously Presented) The apparatus of claim 36, wherein said responder further 
sets an alarm when said client HTTP request frequency exceeds said maximum HTTP request 
frequency. 

38. (Previously Presented) The apparatus of claim 37, wherein said responder sends said 
alarm to an Internet Service Provider (ISP) associated with said subscriber. 

39. (Currently Amended) The apparatus of claim 36, wherein said responder drops the 
data packet containing said HTTP request when said client HTTP request frequency exceeds said 
maximum HTTP request frequency. 

40. (Previously Presented) The apparatus of claim 36, wherein said responder shuts 
down the account used to access said first communication network when said client HTTP 
request frequency exceeds said maximum HTTP request frequency. 

41. (Previously Presented) The apparatus of claim 40, wherein said responder disables 
HTTP requests for a hold-down period when said client HTTP request frequency exceeds said 
maximum HTTP request frequency. 

42. (Previously Presented) The apparatus of claim 41, wherein said responder increases 
said hold-down period each time said client HTTP request frequency exceeds said maximum 
HTTP request frequency. 

43. (Previously Presented) The apparatus of claim 42, wherein said responder increases 
said hold-down period exponentially each time said client HTTP request frequency exceeds said 
maximum HTTP request frequency. 



44, 45. (Canceled) 